A flaw was found in the /v2/_catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: n). This vulnerability allows a malicious user to submit an unreasonably large value for n, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
Weakness
The behavior of this function is undefined unless its control parameter is set to a specific value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift_api_for_data_protection | Redhat | - (including) | - (including) |
| Openshift_container_platform | Redhat | 4.0 (including) | 4.0 (including) |
| Openshift_developer_tools_and_services | Redhat | - (including) | - (including) |
| OADP-1.1-RHEL-8 | RedHat | oadp/oadp-velero-plugin-rhel8:1.1.6-5 | * |
| Red Hat OpenShift Container Platform 4.11 | RedHat | openshift4/ose-docker-registry:v4.11.0-202310101543.p0.g431737b.assembly.stream | * |
| Red Hat OpenShift Container Platform 4.12 | RedHat | openshift4/ose-docker-registry:v4.12.0-202309261625.p0.g9e75355.assembly.stream | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | openshift4/ose-docker-registry:v4.13.0-202309120502.p0.gdb5611b.assembly.stream | * |
| Docker-registry | Ubuntu | bionic | * |
| Docker-registry | Ubuntu | esm-apps/bionic | * |
| Docker-registry | Ubuntu | esm-apps/focal | * |
| Docker-registry | Ubuntu | esm-apps/jammy | * |
| Docker-registry | Ubuntu | esm-apps/xenial | * |
| Docker-registry | Ubuntu | focal | * |
| Docker-registry | Ubuntu | jammy | * |
| Docker-registry | Ubuntu | kinetic | * |
| Docker-registry | Ubuntu | lunar | * |
| Docker-registry | Ubuntu | trusty | * |
| Docker-registry | Ubuntu | upstream | * |
| Docker-registry | Ubuntu | xenial | * |